CVE-2025-48468 — MEDIUM (6.4)

Vulnerability Description

Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Advantech	Wise-4010Lan Firmware	2.02b00
Advantech	Wise-4010Lan	-
Advantech	Wise-4050Lan Firmware	2.02b00
Advantech	Wise-4050Lan	-
Advantech	Wise-4060Lan Firmware	2.02b00
Advantech	Wise-4060Lan	-

Related Weaknesses (CWE)

CWE-1191

References

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061Vendor Advisory

FAQ

What is CVE-2025-48468?

CVE-2025-48468 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware.

How severe is CVE-2025-48468?

CVE-2025-48468 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-48468?

Check the references section above for vendor advisories and patch information. Affected products include: Advantech Wise-4010Lan Firmware, Advantech Wise-4010Lan, Advantech Wise-4050Lan Firmware, Advantech Wise-4050Lan, Advantech Wise-4060Lan Firmware.